A. Khedron de León - May 01, 2020

It’s Time to Join Big Tech with FIDO2-based Strong Authentication

We live in perilous times, both with regard to our personal health and our online security. Similar to physical viruses like the COVID-19-causing coronavirus, computer viruses spread in a variety of ways and are unforgiving of mistakes. All it takes is one seemingly minor mistake or oversight for a computer virus to infect systems, opening the floodgates to sensitive personal and corporate data being publicly released or held for ransom, with severe long-term costs to individuals and organizations.

The single best way to prevent a computer virus from infecting your systems is to implement Fast Identification Online (FIDO) strong authentication—both in your personal and professional online interactions. In short, FIDO authentication uses common devices instead of passwords to authenticate for digital services. If you have doubts about passwordless authentication, just take a look at the National Institute of Standards and Technology (NIST)’s publication on why FIDO2, the newest set of FIDO specifications, is the highest level of authentication available today.

It may feel counterintuitive to make significant changes to your cybersecurity approach during a pandemic that has upended the way we work. Despite, or perhaps because of, the uncertainty of how things will resolve, it’s actually the perfect time to switch gears and adopt FIDO2; we are all in the process of adapting to new methods and require more certainty about cybersecurity in particular.

Here are five reasons to switch to FIDO2 now:

  1. Passwords Are Obsolete
    Authentication has been based on passwords for thousands of years, and the advent of electronic computing adapted the idea into standard use—but that was 60 years ago. Passwords are easily hacked, can be forgotten, and are generally not changed often enough to deter attackers.
  2. FIDO Is an Established Technology
    The FIDO Alliance was formed in 2014 with a mission of developing a method of strong authentication that was both secure by default and by design, was affordable, and was as simple as possible. They’ve attracted the largest players in the industry—Microsoft, Facebook, Twitter, and more—who have all recognized the value in strong authentication; even Apple has jumped in, and they plan to include FIDO2 authentication in their phones going forward. This level of adoption almost guarantees that FIDO2 will become the norm across the tech world. The conclusion to be drawn here is that soon no one will want to conduct business without it.
  3. Your Phone Is a FIDO Device
    With Apple joining in (Android got on the wagon a while back), almost everyone’s phones will have the capability to process FIDO-style strong authentication at least via pattern or PIN. Newer phones with fingerprint scanners and Face ID are actual FIDO devices in your pocket, with no additional cost outside of your normal telephony expenses.
  4. Free to Implement with Huge ROI
    The FIDO Alliance has done the up-front work for you of designing a safe method to authenticate; many companies have developed a server for you, and there’s even one that’s free for you to adapt for your own use. If there are no passwords to steal, getting a potential victim’s credentials becomes much trickier to accomplish. Add to that the fact that most breaches are the result of human error surrounding identity and access, and it’s a no-brainer compared to the millions of dollars breaches can cost. According to IBM, the average cost of a data breach is $3.9 million, coming to about $150 per record.
  5. Easy to Use for Frictionless User Adoption
    FIDO-style authentication is one of the few things in the modern computer industry that is both easy and secure. If you don’t want to use your phone, an unattached FIDO authenticator can be shipped to you for under $20, and it is good forever. When you register, you submit some info and touch the authenticator (form factors vary, but the universal constant is the test of user presence), and from then on, you just touch it when prompted to log in. If you lose it, you can register another one and delete the compromised one—in that respect, a FIDO authenticator is superior to using your phone, because it is much easier and less expensive to replace. And when security is easy to use, you’ll find little resistance to adoption.

The hard work of developing FIDO strong authentication has been done already; just do a little homework to ensure you choose a cybersecurity vendor to help you implement FIDO2 in a cost-effective way that will work best for your particular organization. And be sure to include StrongKey in your vendor consideration set. Users are already set as long as they possess a mobile phone. If businesses choose to implement their own FIDO2 authentication system, the same free server mentioned above includes an already-built API to customize. If you prefer not to spend resources on R&D, there are FIDO servers available with a quick search.

That said, StrongKey will beat the price of any FIDO server on the market today. We have decades of experience doing this stuff. Go ahead and shop around. We’ll be here.
